Advertisement
Promo

Security threats Toolkit

Sony pleads innocent in latest rootkit fiasco

Liam Tung ZDNet Australia

Published: 31 Aug 2007 09:11 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Sony claims the rootkit-like behaviour of a device driver used to run its biometric Micro Vault USB drive was unintentional.

Sony Sweden representative Fredrik Fagerstedt told local press this week that sometimes even actions undertaken with "good will" can go wrong.

Fagerstedt's comments come the same day that antivirus firm McAfee joined the growing chorus of companies criticising Sony for compromising its customers' security.

McAfee reported that Taiwan's FineArt Technology, which makes encryption software for PCs and laptops, was responsible for creating the offending software.

McAfee's Aditya Kapoor and Seth Purdy wrote in a blog: "The authors apparently did not keep the security implications in mind" when designing the installation method.

Kapoor and Purdy catalogued the incident as one of the worst examples of "nasty rootkits that use blended techniques to hide or protect themselves".

Echoing F-Secure's Patrik Runald, the McAfee bloggers said the default installation path does nothing to stop malware authors from copying code to a directory of their choice and executing it in that location.

They added that another easy hack for malware authors would be to launch code from their chosen directory and add a start-up entry for the software to ensure it is hidden immediately on the PC's boot-up.

Sony Australia has not responded to multiple requests for comment.

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
12 out of 17 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:




Related Jobs

IT Support / Hardware Support / Technical Support - Northants

2nd Line Support Professional - London

Systems Administrator (Linux / Unix) up to 40K, Central London

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Met will not reopen phone hack investi...

The Metropolitan Police will not reopen its investigation into alleged phone hacking by the News of the World. In a press statement delivered outside Scotland Yard on Thursday, Assistant... More

Post a comment

FUD over ChromeOS's security already?

It hasn't taken long for the security vendors to wake to the potential of Google's new ChromeOS. The potential that is, to create FUD – fear uncertainty and doubt. In a release today,... More

Post a comment

Feds take DDoS in their stride

The US Department of Homeland Security has said that a series of distributed denial-of-service attacks began on US government networks on 4 July. However, Amy Kudwa, deputy press... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters